Layer-2 Filtering Policy

In order to help maintain hygiene across the peering fabric, all peering participant ports are subjected to a standard layer-2 filtering policy to limit frames that are considered unwanted at the peering fabric.  Below is a list of frames that are filtered (dropped) by default.  This list is revised as necessary.

ethernet-destination-address 01:80:c2:00:00:00 ;
ethernet-destination-address 01:00:0c:cc:cc:cc ; snap-type 0x2000 ;
ethernet-destination-address 01:00:0c:cc:cc:cc ; snap-type 0x2003 ;
ethernet-destination-address 01:00:0c:cc:cc:cd ; 
ethernet-destination-address 01:00:0c:cc:cc:cc ; snap-type 0x2004 ;
ethernet-destination-address 01:00:0c:cc:cc:cc ; snap-type 0x0111 ;
ethernet-destination-address 01:00:0c:cc:cc:cc ; snap-type 0x0104 ;
ethernet-destination-address 00:e0:2b:00:00:00 ; snap-type 0x00bb ;
ethernet-destination-address 01:80:c2:00:00:0e ; ethernet-type 0x88cc
ethernet-destination-address 01:80:c2:00:88:bf ; ethernet-type 0x88bf 
ethernet-type 0x9998
ethernet-type 0x999a

In general peers are expected to send only  IPv4 (0x0800 ), IPv6 (0x86dd ) and ARP (0x0806) ethertypes.  Other frames types will be dropped without notice.

Mac address security

To keep security at the highest level we implement Layer 2 MAC filtering on the INX-ZA peering fabric. This is to help prevent unauthorised traffic from entering the exchange. Each peering port/bundle is restricted to a single MAC address and is statically locked down.  Additionally, MAC address learning is disabled on each port, meaning we will not learn a new MAC address if the old one becomes unavailable.

If you require the MAC on your port to change please email ops @ inx.net.za to schedule the time the change will take place and our team will be on standby to perform the change.